
Hackers exploit Windows policy loophole for malicious kernel access
Chinese hackers have been exploiting a Windows policy loophole to sign and load malicious kernel-mode drivers on breached systems. Since Windows 10 version 1607, kernel drivers must normally be signed through Microsoft's developer portal, but Microsoft kept a compatibility exception for drivers signed with an end-entity certificate issued before July 29, 2015 that chains to a supported cross-signed CA. By backdating a driver's signing timestamp to before July 29, 2015, using tools such as 'HookSignTool' and 'FuckCertVerify', the threat actors can sign their drivers with older, leaked certificates that were never revoked, get them loaded into the kernel, and use them to escalate privileges and evade detection. Microsoft has revoked the associated certificates and suspended the developer accounts involved, but the risk remains, because other pre-2015 certificates may already have leaked or may still be stolen.
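A practical first check on a Windows host, added here as an example and not part of the article or of any vendor tooling: enumerate the running kernel drivers and list those whose Authenticode signer certificate was issued before the July 29, 2015 cutoff, which is the only population the compatibility exception applies to. The script uses only built-in cmdlets (`Get-CimInstance`, `Get-AuthenticodeSignature`) and must run elevated; the function and variable names and the path-normalisation rules are this example's own assumptions, and the output is a triage list, since plenty of legitimate older drivers also carry pre-2015 certificates.

```powershell
# Added example, not code from the article. Assumes Windows 10/11 with the
# built-in Get-AuthenticodeSignature and CIM cmdlets, run from an elevated
# PowerShell session. Function and variable names are this example's own.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several native forms; map them
    # all to a plain Win32 path that Get-AuthenticodeSignature can open.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"     # \SystemRoot\... -> C:\Windows\...
    if (-not [System.IO.Path]::IsPathRooted($p)) {             # System32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-PreCutoffSignedDrivers {
    # Returns one object per running driver whose signer certificate was
    # issued before $Cutoff, i.e. every driver the exception could admit.
    param([datetime]$Cutoff = [datetime]'2015-07-29')

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }

            $sig  = Get-AuthenticodeSignature -FilePath $path
            $cert = $sig.SignerCertificate
            # An unsigned running driver deserves its own alert; it is not
            # the case this check is about, so skip it here.
            if (-not $cert) { return }

            if ($cert.NotBefore -lt $Cutoff) {
                [pscustomobject]@{
                    Driver        = $_.Name
                    Path          = $path
                    SigStatus     = $sig.Status                 # Valid / NotSigned / HashMismatch ...
                    Signer        = $cert.Subject
                    Issuer        = $cert.Issuer
                    Thumbprint    = $cert.Thumbprint            # compare against Microsoft's revocation list
                    CertNotBefore = $cert.NotBefore
                    CertNotAfter  = $cert.NotAfter
                    CertExpired   = ($cert.NotAfter -lt (Get-Date))
                    Timestamped   = [bool]$sig.TimeStamperCertificate
                }
            }
        }
}

# Usage: oldest certificates first; an expired pre-2015 signer on a driver
# that nobody remembers installing is the one to pull for analysis.
Get-PreCutoffSignedDrivers | Sort-Object CertNotBefore | Format-Table -AutoSize
```

Two caveats: `Get-AuthenticodeSignature` exposes the timestamping certificate but not the countersignature's timestamp value itself, so the backdated signing date that HookSignTool and FuckCertVerify manipulate is not visible through this cmdlet and the check keys on the signer certificate's issuance date instead. And a hit only tells you the driver falls inside the exception; the next step is to compare the thumbprint against the certificates Microsoft revoked and to hash the driver against your known-good inventory.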